Distributed Workforce

Recruiters not recommending your ideal infosec job candidates? Consider training them.

Questions to ask your cybersecurity recruiter.

It’s common to hear CISOs and other security professionals stress the importance of being able to communicate cyber concepts to senior business executives who may not be savvy to all things infosec. But it’s also wise to remember that CISOs don’t just interact with the board room; there are other business units that also need their guidance, including internal and external recruiters who help with the hiring of IT and security staffers. 

During a cyber workforce panel at InfoSec World 2023, two security thought leaders described how they work closely with recruiters to give them a better sense of what qualities to look for in job applicants. While degrees and certifications can certainly help give candidates a leg up, CISOs also sometimes look for more intangible qualities and background experience. It’s very much open to interpretation, which means recruiters need some direction in order to know how to narrow down the field to the CISO’s liking. 

"[T]he biggest thing for me is, you have to work with recruiters,” said fellow panelist John Carnes, an infosec industry veteran and thought leader. “You have to work with somebody who's going to spend a little time and talk to these people and screen them and say [to us], ‘Look, here’s somebody – and their avantgarde experience might be a fit for you.’” 

Carnes continued: “I sit down and talk with them and I make it very clear: Don’t give me [just] the master’s degree… I want somebody who [also] has that passion and that drive… Tell me who that diamond-in-the-rough is that you’re going to have trouble placing. And let’s talk about that person.” 

Shawn Harris, senior director, cybersecurity and compliance at Chipotle Mexican Grill, has at times followed a similar philosophy – noting that at a past employer organization he’d even train the recruiters. “Because they [didn’t] really understand our industry unless they [were] an agency specific to cybersecurity,” said Harris. “What [I would] actually do is go through probably 50 to 100 resumes and highlight things that I find interesting.”

Carnes added that sharing this strategy with recruiters is a vital part of his hiring process.

“Here's what I liked, here’s what I didn't like,” said Carnes. “You have to train them in how you work and what you’re looking for.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

UK cracks down on default passwords for smart devices

The UK has become the first country worldwide to prohibit Internet of Things device manufacturers from using default usernames and passwords in their products following the approval of the Product Security and Telecommunications Infrastructure act, which seeks to bolster smart device cybersecurity, The Hacker News reports.

Novel Wpeeper Android malware examined

BleepingComputer reports that hacked WordPress sites have been used as relay command-and-control servers by the novel Wpeeper Android malware, which has been spread via a pair of app stores impersonating the Uptodown App Store and is believed to have already compromised thousands of Android devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.